[AC-1880] Public API - Deprecated properties (#3706)

* feat: remove required for AccessAll and add xmldoc for usage restrictions, refs AC-1880

* feat: add validation for create group workflow wrt manage property, refs AC-1880

* feat: add validation for update group workflow wrt manage property, refs AC-1880

* feat: add validation for create and update member workflow wrt manage property, refs AC-1880

* feat: add validation for update collection workflow wrt manage property, refs AC-1880

* fix: flaky Public/GroupsControllerTests + more test coverage, refs AC-1880

src/Api/AdminConsole/Controllers/GroupsController.cs

@@ -125,7 +125,7 @@ public class GroupsController : Controller
 
         var organization = await _organizationRepository.GetByIdAsync(orgIdGuid);
         var group = model.ToGroup(orgIdGuid);
-        await _createGroupCommand.CreateGroupAsync(group, organization, model.Collections?.Select(c => c.ToSelectionReadOnly()), model.Users);
+        await _createGroupCommand.CreateGroupAsync(group, organization, model.Collections?.Select(c => c.ToSelectionReadOnly()).ToList(), model.Users);
 
         return new GroupResponseModel(group);
     }
@@ -143,7 +143,7 @@ public class GroupsController : Controller
         var orgIdGuid = new Guid(orgId);
         var organization = await _organizationRepository.GetByIdAsync(orgIdGuid);
 
-        await _updateGroupCommand.UpdateGroupAsync(model.ToGroup(group), organization, model.Collections?.Select(c => c.ToSelectionReadOnly()), model.Users);
+        await _updateGroupCommand.UpdateGroupAsync(model.ToGroup(group), organization, model.Collections?.Select(c => c.ToSelectionReadOnly()).ToList(), model.Users);
         return new GroupResponseModel(group);
     }
 

src/Api/AdminConsole/Controllers/OrganizationUsersController.cs

@@ -308,7 +308,7 @@ public class OrganizationUsersController : Controller
 
         var userId = _userService.GetProperUserId(User);
         await _organizationService.SaveUserAsync(model.ToOrganizationUser(organizationUser), userId.Value,
-            model.Collections?.Select(c => c.ToSelectionReadOnly()), model.Groups);
+            model.Collections?.Select(c => c.ToSelectionReadOnly()).ToList(), model.Groups);
     }
 
     [HttpPut("{id}/groups")]

src/Api/AdminConsole/Public/Controllers/GroupsController.cs

@@ -111,7 +111,7 @@ public class GroupsController : Controller
     {
         var group = model.ToGroup(_currentContext.OrganizationId.Value);
         var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
-        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection(organization.FlexibleCollections));
+        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection(organization.FlexibleCollections)).ToList();
         await _createGroupCommand.CreateGroupAsync(group, organization, associations);
         var response = new GroupResponseModel(group, associations);
         return new JsonResult(response);
@@ -140,7 +140,7 @@ public class GroupsController : Controller
 
         var updatedGroup = model.ToGroup(existingGroup);
         var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
-        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection(organization.FlexibleCollections));
+        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection(organization.FlexibleCollections)).ToList();
         await _updateGroupCommand.UpdateGroupAsync(updatedGroup, organization, associations);
         var response = new GroupResponseModel(updatedGroup, associations);
         return new JsonResult(response);

src/Api/AdminConsole/Public/Controllers/MembersController.cs

@@ -5,7 +5,6 @@ using Bit.Api.Models.Public.Response;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
-using Bit.Core.Models.Business;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Microsoft.AspNetCore.Authorization;
@@ -123,14 +122,7 @@ public class MembersController : Controller
     public async Task<IActionResult> Post([FromBody] MemberCreateRequestModel model)
     {
         var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(_currentContext.OrganizationId.Value);
-        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection(organizationAbility?.FlexibleCollections ?? false));
-        var invite = new OrganizationUserInvite
-        {
-            Emails = new List<string> { model.Email },
-            Type = model.Type.Value,
-            AccessAll = model.AccessAll.Value,
-            Collections = associations
-        };
+        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection(organizationAbility?.FlexibleCollections ?? false)).ToList();
         var user = await _organizationService.InviteUserAsync(_currentContext.OrganizationId.Value, null,
             model.Email, model.Type.Value, model.AccessAll.Value, model.ExternalId, associations, model.Groups);
         var response = new MemberResponseModel(user, associations);
@@ -159,7 +151,7 @@ public class MembersController : Controller
         }
         var updatedUser = model.ToOrganizationUser(existingUser);
         var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(_currentContext.OrganizationId.Value);
-        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection(organizationAbility?.FlexibleCollections ?? false));
+        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection(organizationAbility?.FlexibleCollections ?? false)).ToList();
         await _organizationService.SaveUserAsync(updatedUser, null, associations, model.Groups);
         MemberResponseModel response = null;
         if (existingUser.UserId.HasValue)

src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs

@@ -22,7 +22,7 @@ public abstract class AssociationWithPermissionsBaseModel
     public bool? HidePasswords { get; set; }
     /// <summary>
     /// When true, the manage permission allows a user to both edit the ciphers within a collection and edit the users/groups that are assigned to the collection.
-    /// This field will not affect behavior until the Flexible Collections functionality is released in Q1, 2024.
+    /// This field will not affect behavior until your organization is using the latest collection enhancements (Releasing Q1, 2024)
     /// </summary>
     public bool? Manage { get; set; }
 }

src/Api/AdminConsole/Public/Models/GroupBaseModel.cs

@@ -13,9 +13,9 @@ public abstract class GroupBaseModel
     public string Name { get; set; }
     /// <summary>
     /// Determines if this group can access all collections within the organization, or only the associated
-    /// collections. If set to <c>true</c>, this option overrides any collection assignments.
+    /// collections. If set to <c>true</c>, this option overrides any collection assignments. If your organization is using
+    /// the latest collection enhancements, you will not be allowed to set this property to <c>true</c>.
     /// </summary>
-    [Required]
     public bool? AccessAll { get; set; }
     /// <summary>
     /// External identifier for reference or linking this group to another system, such as a user directory.

src/Api/AdminConsole/Public/Models/MemberBaseModel.cs

@@ -36,15 +36,16 @@ public abstract class MemberBaseModel
     }
 
     /// <summary>
-    /// The member's type (or role) within the organization.
+    /// The member's type (or role) within the organization. If your organization has is using the latest collection enhancements,
+    /// you will not be allowed to assign the Manager role (OrganizationUserType = 3).
     /// </summary>
     [Required]
     public OrganizationUserType? Type { get; set; }
     /// <summary>
     /// Determines if this member can access all collections within the organization, or only the associated
-    /// collections. If set to <c>true</c>, this option overrides any collection assignments.
+    /// collections. If set to <c>true</c>, this option overrides any collection assignments. If your organization is using
+    /// the latest collection enhancements, you will not be allowed to set this property to <c>true</c>.
     /// </summary>
-    [Required]
     public bool? AccessAll { get; set; }
     /// <summary>
     /// External identifier for reference or linking this member to another system, such as a user directory.

src/Api/Public/Controllers/CollectionsController.cs

@@ -93,7 +93,7 @@ public class CollectionsController : Controller
         }
         var updatedCollection = model.ToCollection(existingCollection);
         var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(_currentContext.OrganizationId.Value);
-        var associations = model.Groups?.Select(c => c.ToCollectionAccessSelection(organizationAbility?.FlexibleCollections ?? false));
+        var associations = model.Groups?.Select(c => c.ToCollectionAccessSelection(organizationAbility?.FlexibleCollections ?? false)).ToList();
         await _collectionService.SaveAsync(updatedCollection, associations);
         var response = new CollectionResponseModel(updatedCollection, associations);
         return new JsonResult(response);